Risk profile
Timefold is committed to your data privacy and security. This section documents the risk profile of the platform managed and hosted by Timefold (“Timefold Cloud Platform”).
Recovery point objective
Our recovery point objective in case of critical failure is 6 hours for critical data (tenant settings).
Third party dependence
Timefold Cloud Platform uses third-party services to manage and support customers. A list of sub-processors can be found in Annex 2 – List of current Sub-processors of Timefold’s Data Processing Agreement.
Hosting
Timefold Cloud Platform is hosted on major cloud providers (Google Cloud, region europe-west1 for app.timefold.ai). A list of sub-processors can be found in Annex 2 – List of current Sub-processors of Timefold’s Data Processing Agreement.
Sensitive data, PII, and PHI
Timefold processes a limited amount of personal data, such as account information, in accordance with our Privacy Policy. We do not intend to process any sensitive personal data or protected health information (PHI).
Timefold Cloud Platform is used for solving planning problems. Customers are responsible for ensuring that any data they send to Timefold services (such as input datasets or optimization problems) does not contain personally identifiable information (PII) unless it is anonymized or obfuscated. Our software is not designed to handle PHI under regulations like HIPAA, and should not be used for such data.
For more details, see our Terms of Service and Privacy Policy.
Certifications
Timefold is in the process of getting ISO 27001 certified. Contact us if you have specific requirements.